From adc1007d7d35726890a2999342c49f8daf11a02a Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Sat, 4 Jul 2020 09:41:46 -0400 Subject: [PATCH] Mark 'gss-group1-sha1-' kex as failure due to 1024-bit modulus. --- ssh-audit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh-audit.py b/ssh-audit.py index d0a7fa5..fdd91bf 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -644,7 +644,7 @@ class SSH2: # pylint: disable=too-few-public-methods 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [FAIL_1024BIT_MODULUS, FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_HASH_WEAK]], 'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]], 'gss-gex-sha1-': [[], [], [WARN_HASH_WEAK]], - 'gss-group1-sha1-': [[], [], [WARN_HASH_WEAK]], + 'gss-group1-sha1-': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]], 'gss-group14-sha1-': [[], [], [WARN_HASH_WEAK]], 'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': [[], [], [WARN_HASH_WEAK]], 'gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],